*** Guest State ***
BUG: unable to handle kernel paging request at fffffffffffffff8
IP: ttwu_do_wakeup+0xa4/0x710 kernel/sched/core.c:1677
PGD 5e28067 P4D 5e28067 PUD 5e2a067 PMD 0 
Oops: 0002 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4564 Comm: syz-executor3 Not tainted 4.15.0-rc1-next-20171128+ #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d43ea140 task.stack: ffff8801cce88000
RIP: 0010:ttwu_do_wakeup+0xa4/0x710 kernel/sched/core.c:1677
RSP: 0018:ffff8801db407820 EFLAGS: 00010046
RAX: 1ffff10039f2b451 RBX: ffff8801db427900 RCX: ffff8801db4282e8
RDX: 1ffff1003b685062 RSI: ffff8801db427918 RDI: ffff8801cf95a288
RBP: ffff8801db407900 R08: 1ffffffff0a54f55 R09: ffff8801c45b82b0
R10: 1ffff1003b680edf R11: 0000000000000003 R12: 1ffff1003b680f07
R13: ffff8801cf95a280 R14: ffff8801db4078d8 R15: dffffc0000000000
FS:  00007f0f75f4d700(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff8 CR3: 00000001d0b6f000 CR4: 00000000001426f0
Call Trace:
 <IRQ>
 ttwu_do_activate+0x151/0x200 kernel/sched/core.c:1722
 ttwu_queue kernel/sched/core.c:1866 [inline]
 try_to_wake_up+0xa8d/0x1600 kernel/sched/core.c:2079
 wake_up_process+0x10/0x20 kernel/sched/core.c:2152
 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1598
 __run_hrtimer kernel/time/hrtimer.c:1348 [inline]
 __hrtimer_run_queues+0x373/0xea0 kernel/time/hrtimer.c:1411
 hrtimer_interrupt+0x2a5/0x6f0 kernel/time/hrtimer.c:1469
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x14a/0x700 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:907
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
RIP: 0010:lock_release+0x68d/0xda0 kernel/locking/lockdep.c:4026
RSP: 0018:ffff8801cce8e8f8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
RAX: dffffc0000000000 RBX: 1ffff100399d1d24 RCX: ffff8801d43eaa28
RDX: 1ffffffff0bd9729 RSI: 0000000000000002 RDI: 0000000000000282
RBP: ffff8801cce8ea68 R08: ffffffff85f44b80 R09: 1ffff100399d1d28
R10: ffff8801d43ea140 R11: 0000000000000001 R12: ffff8801cce8e940
R13: ffff8801d43ea140 R14: 19954e0290166418 R15: 0000000000000003
 rcu_lock_release include/linux/rcupdate.h:249 [inline]
 rcu_read_unlock include/linux/rcupdate.h:686 [inline]
 __unlock_page_memcg+0x72/0x100 mm/memcontrol.c:1668
 unlock_page_memcg+0x2c/0x40 mm/memcontrol.c:1677
 page_remove_file_rmap mm/rmap.c:1247 [inline]
 page_remove_rmap+0x3b7/0xe90 mm/rmap.c:1298
 zap_pte_range mm/memory.c:1334 [inline]
 zap_pmd_range mm/memory.c:1438 [inline]
 zap_pud_range mm/memory.c:1467 [inline]
 zap_p4d_range mm/memory.c:1488 [inline]
 unmap_page_range+0xfc3/0x22e0 mm/memory.c:1509
 unmap_single_vma+0x15f/0x2d0 mm/memory.c:1554
 unmap_vmas+0xf1/0x1b0 mm/memory.c:1584
 exit_mmap+0x232/0x530 mm/mmap.c:3020
 __mmput kernel/fork.c:967 [inline]
 mmput+0x223/0x6c0 kernel/fork.c:988
 exit_mm kernel/exit.c:544 [inline]
 do_exit+0x90a/0x1ae0 kernel/exit.c:856
 do_group_exit+0x149/0x400 kernel/exit.c:972
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x94/0x1ee0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x94/0x96
RIP: 0033:0x4529d9
RSP: 002b:00007f0f75f4cce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00000000007581b8 RCX: 00000000004529d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007581b8
RBP: 00000000007581b8 R08: 0000000000000231 R09: 0000000000758190
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007f0f75f4d9c0 R15: 0000000000000006
Code: f2 c7 40 10 f3 f3 f3 f3 e8 2a fc ff ff 49 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 46 06 00 00 49 c7 45 08 00 00 00 00 <cc> a0 01 00 00 65 8b 05 f0 de b4 7e 89 c0 48 0f a3 05 f6 6a 12 
RIP: ttwu_do_wakeup+0xa4/0x710 kernel/sched/core.c:1677 RSP: ffff8801db407820
CR2: fffffffffffffff8
---[ end trace 3c49cd9707747f9c ]---